Forensic Assistant

The program "Forensic Assistant" was designed for computer forensic experts that work for state institutions and institutions performing expert examinations for fee. The program was developed by the designers that have a many years' experience in performing expert examinations and working in the field of computer security. This fact helped to make this program convenient for practical application.

The program is oriented to the practicing forensic experts who would like to perform correct forensic examinations.

The program helps to find and analyze important forensic information in the programs, logs and files as follows:

Documents made in OLE2 format (including metadata extraction and description). "Forensic Assistant" is one of few programs subjected to low level analysis. This program is able to display real dates of file modifications.

The above said file formats (except Firefox and ICQ6) are subjected to the low level analysis and it helps to analyze and obtain available information even from damaged files. Adapted by a special method algorithms were used in the program, so it helps to reduce the time that is necessary for the process of examination.

Additional options

Creation file copies in accordance with a list of files. In this case a file path is preserved ("clean" list, "Kaspersky Antivirus" log, "AVSearch" log).

Coding and decoding the information given in base64 (MIME) format.

Decoding of files and file fragments that were coded by use of the operations DEC, ADD, XOR (for example, installation of malicious software).

Bases containing several thousands of ICQ numbers with nicknames and types of activity indicated. Those ICQ numbers were used by Russian network frauders, carders, spammers, hackers, virusmakers and spreaders of malicious software.